Take Care of your .Git (folder)

by John H
~1 minute

In Light of Japan's Ebay source code getting leaked! Some websites host their version control repository (e.g. .git/) in production. Bad people can use tools to download/restore the repository to gain access to your website’s sourcecode. Check your webserver’s configuration now and make sure that it blocks access to these folders.

The fix

Using apache directives, hide access to your file tree Inside your <VirtualHost and <Directory sections include

Options -Indexes

Also restrict access to any files you might not want to be accessed. Here is a directive that restricts access to files that end with .txt and .sql - you can add additional file types by adding another pipe '|' and the file extension (if you include the period you'll need to escape it).

<Files  ~ "(\.txt|\.sql)$">
          Order allow,deny
          Deny from all

Restrict all hidden files and directories

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} "!(^|/)\.well-known/([^./]+./?)+$" [NC]
    RewriteCond %{SCRIPT_FILENAME} -d [OR]
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule "(^|/)\." - [F]

Related Articles

Hashtag Searching on Popular Social Networks


John H John H
~1 minute

Make your website Google Mobile Friendly

[caption id="attachment_576" align="alignleft" width="300"] Google Mobile Friendly Test[/caption]...

John H John H
9 minutes

PHP Namespace resources and Autoloading with Composer

Fantastic Article about them...

John H John H
~1 minute